Back to bug 2189758
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Avinash Hanwate | 2023-04-26 05:16:14 UTC | CC | amctagga, jcantril, mrajanna, muagarwa, nbecker, ocs-bugs, periklis, tnielsen | |
| Avinash Hanwate | 2023-04-26 05:20:50 UTC | Blocks | 2189759 | |
| Product Security DevOps Team | 2023-04-26 12:10:44 UTC | Resolution | --- | NOTABUG |
| Status | NEW | CLOSED | ||
| Last Closed | 2023-04-26 12:10:44 UTC | |||
| Avinash Hanwate | 2023-07-11 06:39:05 UTC | Doc Text | HashiCorp Vault Enterprise could allow a remote attacker to obtain sensitive information, caused by improper authentication validation by the /sys/license endpoint. By sending a specially-crafted HTTP request, an attacker could exploit this vulnerability to obtain license metadata from DR secondaries, and use this information to launch further attacks against the affected system. | |
| RaTasha Tillery-Smith | 2023-07-11 14:04:15 UTC | Doc Text | HashiCorp Vault Enterprise could allow a remote attacker to obtain sensitive information, caused by improper authentication validation by the /sys/license endpoint. By sending a specially-crafted HTTP request, an attacker could exploit this vulnerability to obtain license metadata from DR secondaries, and use this information to launch further attacks against the affected system. | A flaw was found in HashiCorp Vault Enterprise. This flaw allows a remote attacker to obtain sensitive information caused by improper authentication validation by the /sys/license endpoint. By sending a specially-crafted HTTP request, an attacker can obtain license metadata from DR secondaries and use this information to launch further attacks against the affected system. |
Back to bug 2189758